Secure Password Management in Companies
The problem: Companies treat their passwords much too carelessly
A 2010 Forsa survey published by ISACA in the UK in 2013 showed that 49.7% of respondents were using the same 2 or 3 passwords across multiple accounts/websites. For companies in particular, those numbers should be alarming, since confidential business and customer data, as well as assets that drive sales, such as the company website, can be compromised.
For example, if an employee leaves the company and the passwords are not changed afterwards, he or she can theoretically still access all the accounts. In the worst case, there is even a standard password for logins that are shared by several members of a team. That may seem logical, as companies have countless accounts, each with its own login. However, from the point of view of enterprise data security, this is an absolute no-go.
But many companies simply don't think enough about password management, or believe it is too time-consuming to take appropriate measures. Even when employees leave the company on bad terms, this often does not lead to important logins being changed centrally. Password policies that would require employees to choose passwords with a minimum level of security do not exist or are not enforced.
Furthermore, it is accepted that people use the same passwords for private and business accounts. Passwords for common accounts are sent unencrypted via e-mail or via messengers like Skype to others. Password lists are created in common folders on company servers or, for example, in Google Drive - often unencrypted as well! It seems as if companies simply hope that they will get off lightly. But it is easily possible to manage passwords in teams securely and efficiently.
The solution: How to get password management in companies right
Companies which take password security seriously should set the following items on their to-do list:
Sensitize and inform employees
It is important that all employees in the company know why weak and reused passwords are a threat to data security. Depending on the company size, a guide for dealing with passwords should be created, and employees should be informed in meetings or even receive training.
Provide a contact person
Every company should designate and announce at least one contact person whom employees can approach with questions or problems concerning password protection and data security.
Set and enforce policies for secure passwords
To help you build strong passwords in terms of length and complexity, check out our tips for creating strong passwords. It is important for companies to set and communicate company-wide policies. For example, such a policy might require passwords to be at least 12 characters long and contain lowercase letters, uppercase letters, and a number. Very important: Check that your employees comply with the guidelines.
Set and enforce policies for changing passwords
Passwords should be changed regularly. Depending on their importance, this could be every month or once a year. Corresponding policies should be created to guide employees. This is especially important when employees leave the company: all accounts to which they had access should get a new password as soon as possible.
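The compliance check asked for in the two policy items above can be automated. The following is an added example, not part of the original article or of any product it mentions: it audits a constructed inventory of shared logins against the example complexity policy, the rotation interval, password reuse and the offboarding rule. The inventory layout, the account and user names, and the 365-day limit are assumptions.

```python
import hashlib
import hmac
import os
from datetime import date

MIN_LENGTH = 12      # from the example policy in the text
MAX_AGE_DAYS = 365   # assumption: the "once a year" end of the rotation range

def policy_violations(password):
    """Check one password against the example policy (length, lower, upper, digit)."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 12 characters"),
        (any(c.islower() for c in password), "no lowercase letter"),
        (any(c.isupper() for c in password), "no uppercase letter"),
        (any(c.isdigit() for c in password), "no number"),
    ]
    return [msg for ok, msg in checks if not ok]

def audit(inventory, departed, today):
    """Return {account: [findings]} for every account with at least one finding."""
    key = os.urandom(32)  # per-run key: reuse is compared on HMACs, not plaintext
    by_fingerprint, findings = {}, {}
    for entry in inventory:
        issues = policy_violations(entry["password"])
        if (today - entry["changed"]).days > MAX_AGE_DAYS:
            issues.append("rotation overdue")
        # Offboarding rule: a password last changed on or before a user's
        # leave date is still known to that former employee.
        for user in entry["users"]:
            if user in departed and entry["changed"] <= departed[user]:
                issues.append(f"not changed since {user} left")
        fp = hmac.new(key, entry["password"].encode(), hashlib.sha256).hexdigest()
        by_fingerprint.setdefault(fp, []).append(entry["account"])
        findings[entry["account"]] = issues
    for accounts in by_fingerprint.values():
        if len(accounts) > 1:
            for account in accounts:
                findings[account].append("password reused on another account")
    return {account: issues for account, issues in findings.items() if issues}

# Constructed sample data, not taken from the article.
INVENTORY = [
    {"account": "website-cms", "password": "Summer2019", "changed": date(2019, 6, 1), "users": ["alice", "bob"]},
    {"account": "crm", "password": "Summer2019", "changed": date(2024, 1, 15), "users": ["alice"]},
    {"account": "hosting", "password": "xV7qLm2TzRw9PpKe", "changed": date(2023, 12, 5), "users": ["bob", "carol"]},
]
DEPARTED = {"bob": date(2023, 11, 30)}

if __name__ == "__main__":
    for account, issues in audit(INVENTORY, DEPARTED, date(2024, 3, 1)).items():
        print(account, "->", "; ".join(issues))
```

The "hosting" login produces no finding because it was rotated after the departure date; only accounts with at least one finding are returned.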
In the end, security should not decrease the productivity of your employees. Instead of sending out reminders manually or changing passwords yourself and sending them to everyone, you should make work as easy as possible for them, especially if you consider how many accounts and passwords a normal company owns. Otherwise, your employees will spend a lot of time changing passwords or trying to remember them or, even worse, writing them down on Post-its and sticking them to the monitor. Alternatively, they might look for workarounds to bypass your policies. Instead, you should provide your employees with easy-to-use password tools which can do most of the work for them.
Password management in companies with Password Depot Server
With Password Depot Server, all your password files will be stored encrypted and centrally on a company server. All employees access and use passwords according to the rights they were given via an easy-to-use user interface (Password Depot Client). The only thing they will need to remember is their personal master password. Because of this central management it is much easier to change passwords for everyone, to define password policies and enforce them. In addition, it is no longer necessary to search for the latest version of a password in e-mails or on the server.
If an employee leaves the company, an administrator can block his/her access via the control panel and change the passwords to which he/she had access. The other employees don't even need to be informed about it: They can always access the latest version of a password and can continue working without interruptions.
The comprehensive encryption of all data as well as the fine-grained assignment of rights increase security: You can define for every user individually which changes he or she can make in which file and which options he or she has to export or print passwords, for example.
Conclusion: Using Password Depot Server in your company will not only increase security a lot, but also productivity. Changes to access data no longer have to be communicated via e-mail. All login data can be managed in a central and well-structured way.